On Tue, 18 Nov 2003, Alan wrote:
> Running programs in a sandbox or letting the OS decide what is or is not
> a virus would require some sort of database for the os to look up a
> binary fingerprint, or do some sort of heuristic check to see what the
> app or docuement is doing, and if it's allowed. It would have to know
> that ssh starting up is different than a user (or root) executed program
> that opens up a port that allows incoming connections.
A central database of binary footprints is not the way to go.
Microsoft tried something like this with Authenticode. The
local database of footprints should only be used to enforce
policy decisions made by the user (e.g. "let this app open
an IRC port").
--
Stuart D. Gathman <stuart@xxxxxxxx>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"[Microsoft] products are even less buggy than others, in terms of
per capita usage." - Steve Balmer, Microsoft Corporation
_______________________________________________
gnome-list mailing list
gnome-list@xxxxxxxxx
http://mail.gnome.org/mailman/listinfo/gnome-list
